Registering Disconnected Log Collector with QRadar by using the QRadar Log Source Management app

The IBM QRadar Log Source Management app provides an easy-to-use workflow that helps you quickly find, create, edit, and delete log sources. In IBM QRadar 7.4.0 or later, use the QRadar Log Source Management app (version 6.0 or later) to register Disconnected Log Collector instances with your QRadar deployment.

About this task

When you register a Disconnected Log Collector with your QRadar deployment, you can use the QRadar Log Source Management app to configure log sources by using protocols that Disconnected Log Collector supports.

You can assign log sources to a registered Disconnected Log Collector, export the configurations, and then import them into your Disconnected Log Collector. You can also use a registered Disconnected Log Collector to define a Domain filter.

Procedure

  1. In the QRadar Log Source Management app, click Disconnected Log Collectors > Register Disconnected Log Collector.
  2. Configure the following parameters:
     Field: Description
     Name: Enter a name for the Disconnected Log Collector instance (for example, DLC TLS Protocol).
     Description: Enter a description of the Disconnected Log Collector instance.
     UUID: Enter the UUID identifier that is unique to the Disconnected Log Collector instance. The identifier is the /etc/dlc/instance/<UUID> folder name.
     Protocol: Select the communication protocol that is used to get events from Disconnected Log Collector. Choose TLS (default) or UDP. The setting must match the Disconnected Log Collector protocol setting.
     Version: Enter the Disconnected Log Collector version (for example, 1.7).
  3. Click Register.
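
The UUID field in step 2 takes the folder name under /etc/dlc/instance. The following shell function, an added example that is not part of the IBM documentation, reads that name on the Disconnected Log Collector host and refuses to guess when no UUID-shaped folder, or more than one, is present. The function name dlc_instance_uuid and the canonical 8-4-4-4-12 UUID shape are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code): read the value for the "UUID" field from
# the instance folder name on the Disconnected Log Collector host.
# Usage on the DLC host:  dlc_instance_uuid

# Canonical 8-4-4-4-12 hex form. Assumption: the page only states that the
# UUID is the folder name, not its exact shape.
UUID_RE='^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$'

# dlc_instance_uuid [instance_dir]
# Prints the single UUID-shaped folder name on stdout. Return codes:
#   0 exactly one found, 1 directory missing, 2 none found, 3 several found
dlc_instance_uuid() {
    dir=${1:-/etc/dlc/instance}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    found=""
    count=0
    for path in "$dir"/*/; do
        # An unmatched glob stays literal; skip anything that is not a folder.
        [ -d "$path" ] || continue
        name=$(basename "$path")
        if printf '%s\n' "$name" | grep -Eq "$UUID_RE"; then
            found=$name
            count=$((count + 1))
        else
            echo "ignoring non-UUID entry: $name" >&2
        fi
    done
    case $count in
        0) echo "no UUID folder under $dir" >&2; return 2 ;;
        1) printf '%s\n' "$found" ;;
        *) echo "$count UUID folders under $dir; choose the instance being registered" >&2
           return 3 ;;
    esac
}
```

Copying the printed value into the registration form avoids a mistyped UUID.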

What to do next

Configuring a log source for collection by a Disconnected Log Collector